Fingerprinting

Description

Fingerprinting is a broad term that describes searching for telltale signs that a specific application or system component is running on a given system. These telltale signs are called fingerprints. They are usually fragments of responses produced by the system that include application name and/or version information.

Fingerprinting is used by attackers to find targets. It is not in itself a vulnerability, but it might facilitate additional attacks. For example, if an application with a SQL injection vulnerability is installed on the server and it is possible to find it using fingerprinting, an attacker will be able to compromise the server using that application. The actual vulnerability is SQL injection, and it is present regardless of fingerprinting, but fingerprinting could be the method used to find the vulnerability and allow an attack to take place.

All application types are affected by fingerprinting.

Impact

The impact of fingerprinting depends on whether there are vulnerabilities to be found on the system, and on the nature of those vulnerabilities. If the attacker finds no vulnerabilities, fingerprinting yields no advantage. If the attacker finds vulnerabilities that allow full system compromise, the attacker will achieve full system compromise. If the vulnerability allows something less than full system compromise, the attacker most likely won't be looking for it. Most attackers use fingerprinting to find systems that they can compromise.

Fingerprinting can also be used just to see what's running on a system, but that doesn't have much impact in itself. This type of fingerprinting is often used during penetration testing and its impact is that the tester finds out what's running on the system.

Countermeasures

It might not be possible to prevent fingerprinting completely, but the potential for fingerprinting can be reduced. For example, you can reduce fingerprinting by not putting the name of the application on the front page of the application, or on other pages that are available without authentication. The goal is to make it difficult to find instances of the application using automated tools.

To mitigate fingerprinting, harden the server and reduce application fingerprints.